Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-6690
Publication date:
21/03/2019
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-6727
Publication date:
21/03/2019
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA remerge method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7347.
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2022

CVE-2019-6728
Publication date:
21/03/2019
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7353.
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2022

CVE-2019-6730
Publication date:
21/03/2019
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the popUpMenu method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7368.
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2022

CVE-2019-6501
Publication date:
21/03/2019
In QEMU 3.1, scsi_handle_inquiry_reply in hw/scsi/scsi-generic.c allows out-of-bounds write and read operations.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-6441
Publication date:
21/03/2019
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-6492
Publication date:
21/03/2019
SmartDefragDriver.sys (2.0) in IObit Smart Defrag 6 never frees an executable kernel pool that is allocated with user defined bytes and size when IOCTL 0x9C401CC4 is called. This kernel pointer can be leaked if the kernel pool becomes a "big" pool.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-6282
Publication date:
21/03/2019
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2019

CVE-2019-6454
Publication date:
21/03/2019
An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-6275
Publication date:
21/03/2019
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2019

CVE-2019-6272
Publication date:
21/03/2019
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2019

CVE-2019-6274
Publication date:
21/03/2019
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2019
Subscribe to Vulnerabilities